Business transactions such as payment transactions performed over wireless networks need to be secured. This implies identifying both the device that connects to perform the transaction and the device user, who is the author of the transaction.
For wireless device identification, when an SMS message is sent, the phone number is identified and a server can associate the message with information already stored. The authentication may consist of validating that the phone number corresponds to an existing and authorized user. This authentication validates the device itself but does not validate the user of the device. That is why an additional identification must be entered by the user and sent to the application servers for verification.
Some sample solutions exist today for performing payment over wireless networks using a wireless payment terminal that sends Short Messaging Service (SMS) messages over a GSM-like wireless network. In the International Applications under the PCT WO 9613814, published on May 9, 1996, and WO 9745814, published on Dec. 4, 1997, the user, through a dedicated wireless payment terminal, performs payment or balance information transactions towards a bank computing station. The identification is performed by the user at the time of the transaction and is confirmed (authenticated) by the network service provider or the computing station, which confirms that the information transferred by SMS belongs to an authorized subscriber.
While banks and some retailers may invest in dedicated payment terminals, there is also a need to provide, on existing common customer and retailer equipment, a way to perform payments with secure identification. The common communication equipment owned by a customer is the mobile phone, and the equipment owned by the retailer is an independent computer or, more frequently, a POS or POE thin user computer system such as a palm, pocket PC or similar. This latter device, at the retailer location, has programming capabilities and uses wired or wireless communication to reach an application server which processes the usual retailer's transactions. The application server may itself communicate with other banking services for the retailer's final banking operations.
It is in business activities that require a first step of booking a service, such as a taxi or restaurant reservation, that there is a need today to provide a secure method of booking and payment even when the customer and retailer have standard equipment. It would be of great interest to provide security over the use of common communication and processing equipment, such as a mobile phone for the customer and a standard thin user PC at the location of the retailer selling services to the customer.